When we talk about DevSecOps, we are talking about continuous integration and delivery with security scanning embedded along the way. One of the best tools for security scanning of your application's libraries is OWASP dependency-check, and thankfully we can embed it in our application and run it through a pipeline by using a Maven plugin.

There is a downside though: the OWASP Maven plugin needs to update its vulnerability database regularly online from the NVD database, which is perhaps not convenient for most enterprise environments, where online network access is very, very limited.

But there is one workaround: we can use our own repository, such as Nexus or JFrog, to host our NVD vulnerability database. The concept is pretty much what we can see in the diagram below.

Two repositories need to be built to fulfil the OWASP Maven plugin's requirements: one for Java libraries, and another one for JavaScript.

A DeploymentConfig on OpenShift, and on Kubernetes, has a revisionHistoryLimit variable which specifies how much history a DeploymentConfig should keep. By default it stores the last 10 versions of an application deployment, but sometimes we have to store fewer revisions to save storage space. Therefore we need to create a hard limit for the revisionHistoryLimit allowed.

We can change it directly in the DeploymentConfig's YAML file, but for those of you who are allergic to YAML (such as me), the oc command is much more convenient. This is how I change an existing DeploymentConfig's configuration by utilizing the oc patch command.

OpenShift is a very convenient platform: not only does it provide an enterprise Kubernetes cluster, it also provides its own image registry bundled within it. So we can push images and deploy them to our namespace within our cluster in a timely manner. But there are times when I need to count how many images reside in my existing OpenShift cluster. After googling for quite some time, I found the solution and wrote it here.

Sometimes we want to update some part of our Jenkins jobs, but if I have like 50 jobs, does it mean that I have to change fifty pipeline scripts one by one?

The solution is actually pretty straightforward: I can extract most of the Jenkinsfile script and put it on Git so that I can change it dynamically. Here is my simple script, which I put on my GitHub page.